0

I built a song request form for my wedding website and would like to check whether the variables I am storing the form input in are empty before POSTing to the database. My goal is simple: prevent blank rows from being added to the MySQL db when the form is fired off.

 <?php 
// extract data from form; store in variable
$artist =  $_POST["artist"];
$song = $_POST["song"];

// connect to server 
$conn = mysql_connect('host', 'user', 'pass');


// check if you can connect; if not then die

if (!$conn) {
    echo "<center>";
    die('Could Not Connect: ' . mysql_error());
    echo "</center>";
    }

// check if you can select table; if not then die

$db = mysql_select_db('database', $conn);

if (!$db) {
    echo "<center>";
    die('Database Not Selected: ' . mysql_error());
    echo "</center>";
    }

// Define the query to insert the song request
$insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");  

// check if above variables are empty 
if (!empty($artist) and !empty($song)) {
    echo "<center>";
    echo "Insert was succesful<br>";
    echo "<a href='index.html' target='_self' >Back</a>";
    echo "</center>";
}
else {
    echo "<center>";
    die("Please fill in at least the artist name");
    echo "</center>";
}

// close the connection to the server
mysql_close($conn);
?>

I have the above in a file called insert.php, which is fired off when the form on the index page is submitted. The form is submitted using POST and works just fine; however, I would like to prevent blank submissions from happening.

Very new to programming and want to learn how to do this right.

Thanks for your patience.

5 Answers

4

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

However, as a straightforward answer to your question: instead of validating after you've inserted the results, validate before. Also, remember to sanitize (using mysql_real_escape_string) anything you insert into a database if you do use mysql_* functions. Sanitizing inputs will prevent SQL injections and remove some vulnerability issues.

if($errors) {
    // there are errors, don't submit to database
    // run through error display process

} else {
    // submit to database
    $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
}

1 Comment

I will look into prepared statements and the use of mysqli. Thank you very much for the help.
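
The approach this answer recommends (validate before inserting, and use a prepared statement instead of interpolating into a mysql_* query), as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so that it runs offline; `saveSongRequest` and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not code from the question or answers.
// Assumption: an in-memory SQLite database stands in for the MySQL server so
// the script runs offline; with MySQL only the PDO DSN and credentials change.

// Validate a song request, then insert it with a prepared statement. Returns
// error messages; an empty array means the row was stored. (Hypothetical helper.)
function saveSongRequest(PDO $pdo, array $post): array
{
    // Missing keys, non-string values (e.g. artist[]=x) and whitespace-only
    // input are all treated as blank. Note that empty("0") is true in PHP,
    // so a plain empty() check would reject a song titled "0".
    $artist = is_string($post['artist'] ?? null) ? trim($post['artist']) : '';
    $song   = is_string($post['song'] ?? null) ? trim($post['song']) : '';

    $errors = [];
    if ($artist === '') {
        $errors[] = 'Please fill in the artist name';
    }
    if ($song === '') {
        $errors[] = 'Please fill in the song title';
    }
    if ($errors) {
        return $errors;            // validate first: nothing reaches the database
    }

    // Placeholders keep the values out of the SQL text, so quotes in a name
    // cannot change the statement.
    $stmt = $pdo->prepare('INSERT INTO Songs (Artist, Song) VALUES (:artist, :song)');
    $stmt->execute([':artist' => $artist, ':song' => $song]);
    return [];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Songs (Artist TEXT NOT NULL, Song TEXT NOT NULL)');

// Constructed sample submissions, standing in for $_POST.
$samples = [
    ['artist' => '', 'song' => ''],
    ['artist' => '   ', 'song' => 'Yellow'],
    ['artist' => "Guns N' Roses", 'song' => "Sweet Child O' Mine"],
];
foreach ($samples as $post) {
    $errors = saveSongRequest($pdo, $post);
    echo $errors ? implode('; ', $errors) : 'Insert was successful', "\n";
}
echo 'Rows stored: ', $pdo->query('SELECT COUNT(*) FROM Songs')->fetchColumn(), "\n";
```

Only the third submission is stored; its apostrophes pass through the placeholders unchanged, which is the case that breaks the interpolated query.
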
2

You are so close! All you had to do was put the insert after you do a check if the artist and song are filled in!

<?php 
    // extract data from form; store in variable
    $artist =  $_POST["artist"];
    $song = $_POST["song"];

    // connect to server 
    $conn = mysql_connect('host', 'user', 'pass');

    // check if you can connect; if not then die

    if (!$conn) {
        echo "<center>";
        die('Could Not Connect: ' . mysql_error());
        echo "</center>";
    }

    // check if you can select table; if not then die

    $db = mysql_select_db('database', $conn);

    if (!$db) {
        echo "<center>";
        die('Database Not Selected: ' . mysql_error());
        echo "</center>";
    }

    // check if above variables are empty 
    if (!empty($artist) and !empty($song)) {
        // Define the query to insert the song request
        $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");  

        if($insert) {
          echo "<center>";
          echo "Insert was succesful<br>";
          echo "<a href='index.html' target='_self' >Back</a>";
          echo "</center>";
        }
    }
    else {
        echo "<center>";
        die("Please fill in at least the artist name");
        echo "</center>";
    }

    // close the connection to the server
    mysql_close($conn);

That's it!

3 Comments

Thank you all. That worked and I should have seen that in the code. Appreciate the quick help and for mentioning the use of prepared statements instead.
Where did he mention the use of prepared statements?
In your response, Nile. That bit about prepared statements was meant for you.
0

Using empty should be enough. There is isset also

http://php.net/manual/en/function.isset.php

0

Well, you already have your check with empty. Just move it before the insert and act accordingly

if (empty($artist)) {
    echo "<center>";
    die("Please fill in at least the artist name");
    echo "</center>";
}

or check both

if (empty($artist) or empty($song)) {
...
}

0

First validate the variables through a function or using an if statement like

if (!empty($artist) && !empty($song)) {
    $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
}
